Cloudron makes it easy to run web apps like WordPress, Nextcloud, GitLab on your server. Find out more or install now.


Skip to content
  • Categories
  • Recent
  • Tags
  • Popular
  • Bookmarks
  • Search
Skins
  • Light
  • Cerulean
  • Cosmo
  • Flatly
  • Journal
  • Litera
  • Lumen
  • Lux
  • Materia
  • Minty
  • Morph
  • Pulse
  • Sandstone
  • Simplex
  • Sketchy
  • Spacelab
  • United
  • Yeti
  • Zephyr
  • Dark
  • Cyborg
  • Darkly
  • Quartz
  • Slate
  • Solar
  • Superhero
  • Vapor
  • Default (No Skin)
  • No Skin
Collapse
Brand Logo

Cloudron Forum
Apps | Demo | Docs | Install
  1. Cloudron Forum
  2. Discuss
  3. STUN/TURN server debugging

STUN/TURN server debugging

Scheduled Pinned Locked Moved Discuss
stunturnwebrtc
3 Posts 3 Posters 1.2k Views
  • Oldest to Newest
  • Newest to Oldest
  • Most Votes
Log in to reply
This topic has been deleted. Only users with topic management privileges can see it.
  • luckowL Offline
    luckowL Offline
    luckow translator
    wrote on last edited by girish
    #1

    On Tuesday I had some trouble with customers who were unable to join a BigBlueButton conference due to a limited government network.
    The typical solution for this type of network is a STUN/TURN server constellation, which can be used by these clients to join the meeting via the TURN server.

    I had no clue how to try out to be part of that kind of limited network / to simulate it and why the STUN/TURN server does not work for them.

    I found only two interesting links for testing. Maybe they are helpful for your own debugging too.

    • https://webrtc.github.io/samples/src/content/peerconnection/trickle-ice/
    • https://test.webrtc.org/

    Additionally there is a setting in firefox:

    about:config
media.peerconnection.ice.relay_only set to true

    ice-errors_simulation-in-firefox.png

    At the end, the easiest solution is really simple.
    The typical government network firewall looks like:

    iptables -P OUTPUT DROP
iptables -A OUTPUT -p tcp -m tcp --dport 443 -j ACCEPT
iptables -A OUTPUT -p tcp -m tcp --dport 53 -j ACCEPT
iptables -A OUTPUT -p tcp -m tcp --dport 80 -j ACCEPT
iptables -A OUTPUT -p upd -m upp --dport 53 -j ACCEPT

    Only port 80/443/53 are allowed. Rest is blocked

    For this reason WebRTC BigBlueButton meetings without TURN server do not work for them. If you have little snitch on your mac, you can easily simulate this kind of network.

    Pronouns: he/him | Primary language: German

    1 Reply Last reply
    3
    • girishG Offline
      girishG Offline
      girish Staff
      wrote on last edited by
      #2

      Maybe this helps @robi debug some of the webrtc issues.

      robiR 1 Reply Last reply
      1
      • robiR Offline
        robiR Offline
        robi
        replied to girish on last edited by
        #3

        @girish We're already done.. had to have udp ports open in the 50,000 range and TURN/STUN ports.

        Thanks for thinking of me though 😛

        Conscious tech

        1 Reply Last reply
        0

        • Login
        • Don't have an account? Register
        • Login or register to search.
        • First post
          Last post
        0
        • Categories
        • Recent
        • Tags
        • Popular
        • Bookmarks
        • Search